linux-security-module.vger.kernel.org archive mirror
From: Mimi Zohar <zohar@linux.ibm.com>
To: Dave Chinner <david@fromorbit.com>,
	Christian Brauner <brauner@kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>,
	Jeff Layton <jlayton@kernel.org>,
	Stefan Berger <stefanb@linux.ibm.com>,
	Paul Moore <paul@paul-moore.com>,
	linux-integrity@vger.kernel.org, miklos@szeredi.hu,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org,
	Ignaz Forster <iforster@suse.de>, Petr Vorel <pvorel@suse.cz>
Subject: Re: [PATCH] overlayfs: Trigger file re-evaluation by IMA / EVM after writes
Date: Tue, 23 May 2023 13:35:06 -0400
Message-ID: <51bc6e173bcea1f017355be5ef44a1d12c70fa7f.camel@linux.ibm.com>
In-Reply-To: <ZGqgDjJqFSlpIkz/@dread.disaster.area>

On Mon, 2023-05-22 at 08:49 +1000, Dave Chinner wrote:


> > In addition the uuid should be set when the filesystem is mounted.
> > Unless the filesystem implements a dedicated ioctl() - like ext4 - to
> > change the uuid.
> 
> IMO, that ext4 functionality is a landmine waiting to be stepped on.
> 
> We should not be changing the sb->s_uuid of filesystems dynamically.
> The VFS does not guarantee in any way that it is safe to change the
> sb->s_uuid (i.e. no locking, no change notifications, no udev
> events, etc). Various subsystems - both in the kernel and in
> userspace - use the sb->s_uuid as a canonical and/or persistent
> filesystem/device identifier and are unprepared to have it change
> while the filesystem is mounted and active.
> 
> I commented on this from an XFS perspective here when it was
> proposed to copy this ext4 mis-feature in XFS:
> 
> https://lore.kernel.org/linux-xfs/20230314062847.GQ360264@dread.disaster.area/
> 
> Further to this, I also suspect that changing uuids online will
> cause issues with userspace caching of fs uuids (e.g. libblkid and
> anything that uses it) and information that uses uuids to identify
> the filesystem that are set up at mount time (/dev/disk/by-uuid/
> links, etc) by kernel events sent to userspace helpers...
> 
> IMO, we shouldn't even be considering dynamic sb->s_uuid changes
> without first working through the full system impacts of having
> persistent userspace-visible filesystem identifiers change
> dynamically...

Oh! FYI, we've started using the ability to change the UUID for IMA
testing.  IMA policy rules can be defined in terms of the UUID without
impacting the existing policy rules.  Changing the UUID can be used to
enable different tests without interfering with existing policy rules.

Mimi

